Mobile devices, such as smart phones and tablet computers, have become a main platform for development of various applications and provide the basis for mobile software and Internet industries. With the development of the mobile communication industry, users of mobile devices now have more freedom in selection and installation of application software, such that user experiences provided by the mobile devices will better satisfy the requirement of user personalization. However, in a mobile application system, it is inevitable that a user may be provided with virus programs or malicious software containing virus programs, in addition to non-malicious mobile application software. In contrast to desktop operating systems for conventional personal computers, in a mobile application platform, such as an Android operating system, its system kernel is locked or it is very difficult for developers to monitor and control operations of other applications using traditional virus detection techniques.
Some solutions have been proposed. For example, US Patent Application Publication No. 2011/0047597, titled “SYSTEM AND METHOD FOR SECURITY DATA COLLECTION AND ANALYSIS”, filed on Aug. 25, 2010, discloses a technique for virus detection. According to this technique, a software client in a mobile device transmits data associated with an application to a server which then analyzes the application in various aspects and returns an analysis result to the mobile device. However, this technique is restricted in that it cannot catch up with the development of mobile applications. As processing capabilities of the mobile devices gradually improve, capacities of the mobile applications also increase. While the analysis at the server does not waste any computing resource in the processor of the mobile device, some wireless transmission traffic of the mobile device will be needed for transmission of a large amount of application data. In this case, a certain period of time will be wasted and possibly the user will be charged for the traffic consumed. Further, this process is only effective when an application is being installed or when all the applications are being scanned, i.e., it applies no restriction on operations of the applications which have already been installed.
As discussed above, it is not possible in the prior art to efficiently monitor the operations of mobile applications in real time. The existing solution is dependent on operations at the server and thus on known virus and malicious software libraries and cannot work on new malicious software and viruses, which limits the application of the technique.